Bank-based onboarding for merchant integration

ABSTRACT

Embodiments disclosed are directed to a computing system that performs steps for entity integration. The computing system receives, from a user device, an electronic request to associate a first online account of a user associated with a first entity with a second online account of the user associated with a second entity. The computing system authenticates the user device to verify that an identity of the user is authentic. The computing system determines whether the second online account exists and, if so, identifies a match between a first user property of the first online account and a second user property of the second online account. Based on the identified match, the computing system links the first online account with the second online account and updates, based on a first online account property of the first online account, a second online account property of the second online account.

TECHNICAL FIELD

Embodiments relate to entity integration, specifically a system thatperforms bank-based onboarding for merchant integration.

BACKGROUND

When customers make purchases at merchant sites, they typically need tocreate an account with the merchant to shop at the merchant site or toremember their purchasing histories. Further, when fraud occurs, thecustomers must manually update their credit card information in each oftheir merchant accounts. As a result, much effort is required fromcustomers to create and maintain their merchant accounts.

SUMMARY

Provided herein are system, apparatus, article of manufacture, methodand/or computer program product embodiments, and/or combinations andsub-combinations thereof, for entity integration.

Several embodiments are directed to computer-implemented methods forentity integration. For example, a computer-implemented method caninclude receiving, by a cloud server and from a user device in responseto input from a user of the user device, an electronic request toassociate a first online account of the user with a second onlineaccount of the user. The first online account can be associated with afirst entity, and the second online account can be associated with asecond entity different from the first entity. The computer-implementedmethod can further include authenticating, by an authentication serviceof the cloud server, the user device to verify that an identity of theuser is authentic. The computer-implemented method can further includedetermining, by an analysis service of the cloud server, whether thesecond online account exists. In response to determining that the secondonline account exists, the computer-implemented method can furtherinclude identifying, by a comparison service of the cloud server, amatch between a first user property of the first online account and asecond user property of the second online account. Subsequently, basedon the identified match, the computer-implemented method can furtherinclude linking, by a linking service of the cloud server, the firstonline account with the second online account, and updating, by acontrol service of the cloud server and based on a first online accountproperty of the first online account, a second online account propertyof the second online account.

In several embodiments, the first entity can be a financial institution.In several embodiments, the second entity can be a merchant. In severalembodiments, the first user property can be a first e-mail address. Inseveral embodiments, the second user property can be a second e-mailaddress. In several embodiments, the first online account property caninclude first credit card information. In several embodiments, thesecond online account property can include second credit cardinformation.

In several embodiments, the linking the first online account with thesecond online account can include linking, by the linking service of thecloud server, the first online account with the second online account inresponse to the user logging into the first online account through agraphical user interface associated with the second online account.

In several embodiments, the first online account can include a pluralityof payment methods having a plurality of rewards points options. Afterlinking the first online account with the second online account, thecomputer-implemented method can further include: receiving, by the cloudserver and from the second entity, an electronic transaction requestassociated with the second online account; selecting, by the a paymentmethod selection service of the cloud server, one of the plurality ofpayment methods having a maximum rewards points for the electronictransaction request; generating, by an electronic message generationservice of the cloud server, a first electronic message recommending theselected one of the plurality of payment methods for completing theelectronic transaction request; transmitting, by the cloud server, thefirst electronic message to a secure application installed on the userdevice and associated with the user, the first online account, and thefirst entity; receiving, by the cloud server and from the secureapplication, a second electronic message indicative of an instructionfrom the user to complete the electronic transaction request using theselected one of the plurality of payment methods; and, in response toreceiving the second electronic message, completing, by a paymentprocessing service of the cloud server, the electronic transactionrequest using the selected one of the plurality of payment methods.

In several embodiments, in response to determining that the secondonline account does not exist, the computer-implemented method canfurther include generating, by an online account generation service ofthe cloud server, the second online account based on the first onlineaccount. In several embodiments, the computer-implemented method canfurther include generating, by a password generation service of thecloud server, a password for the second online account; generating, byan electronic message generation service of the cloud server, anelectronic message including the password; and transmitting, by thecloud server, the electronic message to a secure application installedon the user device and associated with the user, the first onlineaccount, and the first entity.

In several embodiments, in response to detecting an unauthorized accessto the first online account, the computer-implemented method can furtherinclude locking, by the control service of the cloud server, the firstonline account property of the first online account; and updating, bythe control service of the cloud server and based on the locked firstonline account property of the first online account, the second onlineaccount property of the second online account to lock the second onlineaccount property of the second online account.

Several embodiments are directed to non-transitory computer readablemedia. For example, a non-transitory computer readable medium caninclude instructions for causing a processor to perform operations forentity integration. The operations can include receiving, from a userdevice in response to input from a user of the user device, anelectronic request to associate a first online account of the user witha second online account of the user. The first online account can beassociated with a first entity, and the second online account can beassociated with a second entity different from the first entity. Theoperations can further include authenticating the user device to verifythat an identity of the user is authentic. The operations can furtherinclude determining whether the second online account exists. Inresponse to determining that the second online account exists, theoperations can further include identifying a match between a first userproperty of the first online account and a second user property of thesecond online account. Subsequently, based on the identified match, theoperations can further include linking the first online account with thesecond online account and updating, based on a first online accountproperty of the first online account, a second online account propertyof the second online account.

In several embodiments, to perform the linking the first online accountwith the second online account, the operations include linking the firstonline account with the second online account in response to the userlogging into the first online account through a graphical user interfaceassociated with the second online account.

In several embodiments, the first online account includes a plurality ofpayment methods having a plurality of rewards points options. Afterlinking the first online account with the second online account, theoperations further can further include: receiving, from the secondentity, an electronic transaction request associated with the secondonline account; selecting one of the plurality of payment methods havinga maximum rewards points for the electronic transaction request;generating a first electronic message recommending the selected one ofthe plurality of payment methods for completing the electronictransaction request; transmitting the first electronic message to asecure application installed on the user device and associated with theuser, the first online account, and the first entity; receiving, fromthe secure application, a second electronic message indicative of aninstruction from the user to complete the electronic transaction requestusing the selected one of the plurality of payment methods; and, inresponse to receiving the second electronic message, completing theelectronic transaction request using the selected one of the pluralityof payment methods.

In several embodiments, in response to determining that the secondonline account does not exist, the operations can further includegenerating the second online account based on the first online account.In several embodiments, the operations can further include: generating apassword for the second online account; generating an electronic messageincluding the password; and transmitting the electronic message to asecure application installed on the user device and associated with theuser, the first online account, and the first entity.

In several embodiments, in response to detecting an unauthorized accessto the first online account, the operations can further include: lockingthe first online account property of the first online account; andupdating, based on the locked first online account property of the firstonline account, the second online account property of the second onlineaccount to lock the second online account property of the second onlineaccount.

Several embodiments are directed to computing systems for entityintegration. For example, a computing system can include a storage unitconfigured to store instructions. The computer system can furtherinclude a control unit coupled to the storage unit and configured toprocess the stored instructions to perform operations that includereceiving, from a user device in response to input from a user of theuser device, an electronic request to associate a first online accountof the user with a second online account of the user. The first onlineaccount can be associated with a first entity, and the second onlineaccount can be associated with a second entity different from the firstentity. The operations can further include authenticating the userdevice to verify that an identity of the user is authentic. Theoperations can further include determining whether the second onlineaccount exists. In response to a determination that the second onlineaccount exists, the operations can further include identifying a matchbetween a first user property of the first online account and a seconduser property of the second online account. Based on the identifiedmatch, the operations can further include linking the first onlineaccount with the second online account and updating, based on a firstonline account property of the first online account, a second onlineaccount property of the second online account.

In several embodiments, to link the first online account with the secondonline account, the control unit can be configured to process the storedinstructions to perform operations including linking the first onlineaccount with the second online account in response to the user logginginto the first online account through a graphical user interfaceassociated with the second online account.

In several embodiments, the first online account can include a pluralityof payment methods having a plurality of rewards points options. Afterthe first online account has been linked with the second online account,the control unit can be further configured to process the storedinstructions to perform operations including receiving, from the secondentity, an electronic transaction request associated with the secondonline account. The operations can further include selecting one of theplurality of payment methods having a maximum rewards points for theelectronic transaction request. The operations can further includegenerating a first electronic message recommending the selected one ofthe plurality of payment methods for completing the electronictransaction request. The operations can further include transmitting thefirst electronic message to a secure application installed on the userdevice and associated with the user, the first online account, and thefirst entity. The operations can further include receiving, from thesecure application, a second electronic message indicative of aninstruction from the user to complete the electronic transaction requestusing the selected one of the plurality of payment methods. In responseto a receipt of the second electronic message, the operations canfurther include completing the electronic transaction request using theselected one of the plurality of payment methods.

In several embodiments, in response to a third determination that thesecond online account does not exist, the control unit can be furtherconfigured to process the stored instructions to perform operationsincluding generating the second online account based on the first onlineaccount, generating a password for the second online account, generatingan electronic message including the password, and transmitting theelectronic message to a secure application installed on the user deviceand associated with the user, the first online account, and the firstentity.

In several embodiments, in response to a detection of an unauthorizedaccess to the first online account, the control unit can be furtherconfigured to process the stored instructions to perform operationsincluding locking the first online account property of the first onlineaccount and updating, based on the locked first online account propertyof the first online account, the second online account property of thesecond online account to lock the second online account property of thesecond online account.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated herein and form a partof the specification, illustrate embodiments of the present disclosureand, together with the description, further serve to explain theprinciples of the disclosure and to enable a person skilled in the artto make and use the embodiments.

FIGS. 1A and 1B illustrate an example system for entity integrationaccording to some embodiments.

FIGS. 2A, 2B, and 2C illustrate an example method for entity integrationaccording to some embodiments.

FIG. 3 is an example architecture of components implementing an examplesystem for entity integration according to some embodiments.

DETAILED DESCRIPTION

Embodiments disclosed herein relate to systems and methods for entityintegration. The systems and methods disclosed herein may achieve entityintegration by utilizing a user's financial institution account whenmaking a transaction with a merchant to integrate or create the user'smerchant account.

In several embodiments, a financial institution can utilize bank-basedonboarding to integrate user accounts with merchants. After utilizingvarious methods of authentication to verify that the user's identity istrue (e.g., gov-id, step-up, sms-opt, etc.), the financial institutioncan link to the merchants desired by a user and, if the user's email onfile with the financial institution matches with the user's email onfile with the merchants, the financial institution can link the accountstogether to update the credit card on file with those merchants. If anaccount with a merchant does not exist, the financial institution cancreate one for the user using the user's email address on file with thefinancial institution and generate a password for the user that isavailable for them in their secure banking app provided by the financialinstitution. This option could be used both (i) to create a new accountwith the merchant if one does not exist and (ii) to link existingaccounts together with the financial institution, all in one click.

In several embodiments, a merchant could also allow a “Login with<Financial Institution>” option similar to “Login with Google” and othersuch techniques. This can enable users to link their financialinstitution and merchant accounts to use (e.g., in some aspects, toalways use) the updated card information or to use a virtual card witheach of these merchants. When fraud happens, the financial institutioncan update the user's account with the merchant with a new card on fileto avoid disruptions to the user's purchasing activity.

In several embodiments, after the account is linked or created, when theuser wants to checkout, the financial institution can pull up the user'scredit cards with the financial institution and suggest the credit cardsthat will earn the maximum rewards points for the user, all without theuser having to enter their credit card number, billing address, andother details. The merchant also benefits because checkout is faster andthe financial institution updates the user's credit card on file in casethe credit card number changes, resulting in less friction.

In several embodiments, if the user's account with the merchant wascreated by the financial institution and the password is known to thefinancial institution, the financial institution can further: (i) updateand/or lock the user's credit card at the merchant site if a breach orfraud happens; (ii) step up the user if a purchase happens right aroundwhen the breach or fraud has happened; and (iii) ask the user to updatethe credit card on file at the merchant site based on knowledge of howold the card number is.

The following embodiments are described in sufficient detail to enablethose skilled in the art to make and use the disclosure. It is to beunderstood that other embodiments are evident based on the presentdisclosure, and that system, process, or mechanical changes may be madewithout departing from the scope of an embodiment of the presentdisclosure.

In the following description, numerous specific details are given toprovide a thorough understanding of the disclosure. However, it will beapparent that the disclosure may be practiced without these specificdetails. In order to avoid obscuring an embodiment of the presentdisclosure, some circuits, system configurations, architectures, andprocess steps are not disclosed in detail.

The drawings showing embodiments of the system are semi-diagrammatic,and not to scale. Some of the dimensions are for the clarity ofpresentation and are shown exaggerated in the drawing figures.Similarly, although the views in the drawings are for ease ofdescription and generally show similar orientations, this depiction inthe figures is arbitrary for the most part. Generally, the disclosuremay be operated in any orientation.

The term “module” or “unit” referred to herein may include software,hardware, or a combination thereof in an embodiment of the presentdisclosure in accordance with the context in which the term is used. Forexample, the software may be machine code, firmware, embedded code, orapplication software. Also for example, the hardware may be circuitry, aprocessor, a special purpose computer, an integrated circuit, integratedcircuit cores, or a combination thereof. Further, if a module or unit iswritten in the system or apparatus claim section below, the module orunit is deemed to include hardware circuitry for the purposes and thescope of the system or apparatus claims.

The term “service” or “services” referred to herein can include acollection of modules or units. A collection of modules or units may bearranged, for example, in software or hardware libraries or developmentkits in embodiments of the present disclosure in accordance with thecontext in which the term is used. For example, the software or hardwarelibraries and development kits may be a suite of data and programmingcode, for example pre-written code, classes, routines, procedures,scripts, configuration data, or a combination thereof, that may becalled directly or through an application programming interface (API) tofacilitate the execution of functions of the system.

The modules, units, or services in the following description of theembodiments may be coupled to one another as described or as shown. Thecoupling may be direct or indirect, without or with intervening itemsbetween coupled modules, units, or services. The coupling may be byphysical contact or by communication between modules, units, orservices.

System Overview and Function

FIGS. 1A and 1B illustrate an example system 100 for entity integrationaccording to some embodiments. In several embodiments, as shown in FIG.1A, system 100 can include a client device 110 associated with a user102, a client device 160 associated with a user 104, a network 120, acloud server 130, a first online account database 140 associated with afirst entity (e.g., a financial institution), and a second onlineaccount database 150 associated with a second entity (e.g., a merchant).In several embodiments, the client device 110 can further include anapplication 112 which, in several embodiments, includes anauthentication module 114 having access to a plurality of deviceattributes stored on, or in association with, the client device 110. Inseveral embodiments, the client device 160 can further include anapplication 162 which, in several embodiments, includes anauthentication module 164 having access to a plurality of deviceattributes stored on, or in association with, the client device 160. Inseveral embodiments, as shown in FIG. 1B, the cloud server 130 caninclude an authentication service 172, an analysis service 174, acomparison service 176, a linking service 178, a control service 180, apayment method selection service 182, an electronic message generationservice 184, a payment processing service 186, an online accountgeneration service 188, a password generation service 190, anunauthorized access detection service 192, any other suitable service,or any combination thereof.

The client device 110 and the client device 160 may be any of a varietyof centralized or decentralized computing devices. For example, one orboth of the client device 110 and the client device 160 may be a mobiledevice, a laptop computer, a desktop computer, or a point-of-sale (POS)device. In several embodiments, one or both of the client device 110 andthe client device 160 can function as a stand-alone device separate fromother devices of the system 100. The term “stand-alone” can refer to adevice being able to work and operate independently of other devices. Inseveral embodiments, the client device 110 and the client device 160 canstore and execute the application 112 and the application 162,respectively.

Each of the application 112 and the application 162 may refer to adiscrete software that provides some specific functionality. Forexample, the application 112 may be a mobile application that the user102 can utilize to perform some functionality, whereas the application162 may be a mobile application that the user 104 can utilize to performsome functionality. For example and without limitation, the user 102,the user 104, or both can utilize the functionality to perform banking,data transfers, or commercial transactions. In other embodiments, one ormore of the application 112 and the application 162 may be a desktopapplication that the user 102 or the user 104 can utilize to perform theaforementioned functionalities.

In several embodiments, the client device 110 and the client device 160can be coupled to the cloud server 130 via a network 120. The cloudserver 130 may be part of a backend computing infrastructure, includinga server infrastructure of a company or institution, to which theapplication 112 and the application 162 belong. While the cloud server130 is described and shown as a single component in FIGS. 1A and 1B,this is merely an example. In some embodiments, the cloud server 130 cancomprise a variety of centralized or decentralized computing devices.For example, the cloud server 130 may include a mobile device, a laptopcomputer, a desktop computer, grid-computing resources, a virtualizedcomputing resource, cloud computing resources, peer-to-peer distributedcomputing devices, a server farm, or a combination thereof. The cloudserver 130 may be centralized in a single room, distributed acrossdifferent rooms, distributed across different geographical locations, orembedded within the network 120. While the devices comprising the cloudserver 130 can couple with the network 120 to communicate with theclient device 110 and the client device 160, the devices of the cloudserver 130 can also function as stand-alone devices separate from otherdevices of the system 100.

In several embodiments, the cloud server 130 can be implemented usingcloud computing resources of a public or private cloud. A private cloudrefers to a cloud environment similar to a public cloud with theexception that it is operated solely for a single organization.

In several embodiments, the cloud server 130 can couple to the clientdevice 110 to allow the application 112 to function. For example, inseveral embodiments, both the client device 110 and the cloud server 130can have at least a portion of the application 112 installed thereon asinstructions on a non-transitory computer readable medium. The clientdevice 110 and the cloud server 130 can both execute portions of theapplication 112 using client-server architectures, to allow theapplication 112 to function.

In several embodiments, the cloud server 130 can couple to the clientdevice 160 to allow the application 162 to function. For example, inseveral embodiments, both the client device 160 and the cloud server 130can have at least a portion of the application 162 installed thereon asinstructions on a non-transitory computer readable medium. The clientdevice 160 and the cloud server 130 can both execute portions of theapplication 162 using client-server architectures, to allow theapplication 162 to function.

In several embodiments, the cloud server 130 can transmit requests andother data to, and receive requests, indications, device attributes, andother data from, the authentication module 114 and the authenticationmodule 164 (and in effect the client device 110 and the client device160, respectively) via the network 120. The network 120 refers to atelecommunications network, such as a wired or wireless network. Thenetwork 120 can span and represent a variety of networks and networktopologies. For example, the network 120 can include wirelesscommunications, wired communications, optical communications, ultrasoniccommunications, or a combination thereof. For example, satellitecommunications, cellular communications, Bluetooth, Infrared DataAssociation standard (IrDA), wireless fidelity (Wi-Fi), and worldwideinteroperability for microwave access (WiMAX) are examples of wirelesscommunications that may be included in the network 120. Cable, Ethernet,digital subscriber line (DSL), fiber optic lines, fiber to the home(FTTH), and plain old telephone service (POTS) are examples of wiredcommunications that may be included in the network 120. Further, thenetwork 120 can traverse a number of topologies and distances. Forexample, the network 120 can include a direct connection, personal areanetwork (PAN), local area network (LAN), metropolitan area network(MAN), wide area network (WAN), or a combination thereof. Forillustrative purposes, in the embodiment of FIGS. 1A and 1B, the system100 is shown with the client device 110, the client device 160, and thecloud server 130 as end points of the network 120. This, however, is anexample and it is to be understood that the system 100 can have adifferent partition between the client device 110, the client device160, the cloud server 130, and the network 120. For example, the clientdevice 110, the client device 160, and the cloud server 130 can alsofunction as part of the network 120.

In several embodiments, the client device 110 and the client device 160can include at least the authentication module 114 and theauthentication module 164, respectively. In several embodiments, each ofthe authentication module 114 and the authentication module 164 may be amodule of the application 112 and the application 162, respectively. Inseveral embodiments, the authentication module 114 and theauthentication module 164 can enable the client device 110 and theclient device 160, respectively, and/or the application 112 and theapplication 162, respectively, to receive requests and other data from,and transmit requests, device attributes, indications, and other datato, the authentication service 172 and/or the cloud server 130 via thenetwork 120. In several embodiments, this may be done by having theauthentication module 114 and the authentication module 164 couple tothe authentication service 172 via an API to transmit and receive dataas a variable or parameter.

In several embodiments, the cloud server 130 can include at least theauthentication service 172. In several embodiments, the authenticationservice 172 may be implemented as a software application on the cloudserver 130. In several embodiments, the authentication service 172 canenable receipt of electronic information (e.g., device attributes,online account properties) from the authentication module 114 and theauthentication module 164. This may be done, for example, by having theauthentication service 172 couple to the authentication module 114 andthe authentication module 164 via a respective API to receive theelectronic information as a variable or parameter. In severalembodiments, the authentication service 172 can further enable storageof the electronic information in a local storage device or transmission(e.g., directly, or indirectly via the network 120) of the electronicinformation to the first online account database 140, the second onlineaccount database 150, or both for storage and retrieval.

The first online account database 140 may be a database or repositoryused to store first online account properties 142, any other suitabledata, or any combination thereof for a first entity, such as a financialinstitution or bank. For example, the first online account database 140can store, in a list or as table entries, the online account informationfor one or more user accounts of the first entity as the first onlineaccount properties 142. The second online account database 150 may be adatabase or repository used to store the second online accountproperties 152, any other suitable data, or any combination thereof fora second entity, such as a merchant. For example, the second onlineaccount database 150 can store, in a list or as table entries, theonline account information for one or more user accounts of the secondentity as the second online account properties 152.

In a variety of embodiments, the authentication service 172 of the cloudserver 130 can provide for authenticating a client device 110 that isattempting to make a transaction (e.g., a balance transfer, adding anauthorized user, etc.) with an entity, such as a merchant, andintegrating that entity into the financial institution of the user 102of the client device 110. For example, the cloud server 130 can receive,from the client device 110 in response to input from the user 102, anelectronic request to associate a first online account of the user 102(e.g., stored in the first online account database 140) with a secondonline account of the user 102 (e.g., potentially stored in the secondonline account database 150). In several embodiments, the first onlineaccount can be associated with a first entity, and the second onlineaccount can be associated with a second entity different from the firstentity. In several embodiments, the first entity can be a financialinstitution, and the second entity can be a merchant. The authenticationservice 172 of the cloud server 130 can authenticate the client device110 to verify that an identity of the user 102 is authentic. Theanalysis service 174 of the cloud server 130 can access and analyze thecontents of the second online account database 150 to determine whetherthe second online account exists in the second online account database150.

In response to determining that the second online account exists in thesecond online account database 150, the comparison service 176 (e.g.,one or more comparators, etc.) of the cloud server 130 can identify amatch between a first user property (e.g., included in the first onlineaccount properties 142) of the first online account and a second userproperty (e.g., included in the second online account properties 152) ofthe second online account. In several embodiments, the first userproperty can be a first e-mail address of the user 102, and the seconduser property can be a second e-mail address of the user 102 thatmatches the first email address of the user 102.

Based on the identified match, the linking service 178 of the cloudserver 130 can link the first online account with the second onlineaccount. In several embodiments, to link the first online account withthe second online account, the linking service 178 of the cloud server130 can link the first online account with the second online account inresponse to the user 102 logging into the first online account through agraphical user interface provided by application 112 and associated withthe second online account. Subsequently, the control service 180 (e.g.,one or more online account controllers) of the cloud server 130 canupdate, based on a first online account property (e.g., included in thefirst online account properties 142) of the first online account, asecond online account property (e.g., included in the second onlineaccount properties 152) of the second online account. In severalembodiments, the first online account property can include first creditcard information, and the second online account property can includesecond credit card information that matches the first credit cardinformation. For example, after linking the first and second onlineaccounts, the control service 180 of the cloud server 130 can update thecredit card information stored in the second online account properties152 with the credit card information stored in the first online accountproperties 142.

In several embodiments, the first online account can include a pluralityof payment methods having a plurality of rewards points options. Afterthe linking service 178 of the cloud server 130 has linked the firstonline account with the second online account, the cloud server 130 canreceive, from the second entity (e.g., from the client device 160), anelectronic transaction request associated with the second onlineaccount. The payment method selection service 182 of the cloud server130 can select one of the plurality of payment methods having a maximumrewards points for the electronic transaction request. The electronicmessage generation service 184 of the cloud server 130 can generate afirst electronic message recommending the selected one of the pluralityof payment methods for completing the electronic transaction request. Inseveral embodiments, the electronic message generation service 184 ofthe cloud server 130 can encrypt the first electronic message using anysuitable encryption technique, such as an Advanced Encryption Standard(AES)-256 symmetric-key encryption technique, an elliptic-curveDiffie-Hellman (ECDH) asymmetric-key encryption technique, or a securehash algorithm 3 (SHA-3) hashing technique, to generate an encryptedelectronic message. The cloud server 130 can transmit the firstelectronic message to the application 112 (e.g., a secure application)installed on the client device 110 and associated with the user 102, thefirst online account, and the first entity. The cloud server 130 canreceive, from the application 112, a second electronic messageindicative of an instruction from the user 102 to complete theelectronic transaction request using the selected one of the pluralityof payment methods. In response to receiving the second electronicmessage, the payment processing service 186 of the cloud server 130 cancomplete the electronic transaction request using the selected one ofthe plurality of payment methods.

In several embodiments, in response to determining that the secondonline account does not exist, the online account generation service 188of the cloud server 130 can generate the second online account based onthe first online account stored in the first online account database140. The password generation service 190 of the cloud server 130 cangenerate a password for the second online account, such as a random (orpseudo-random) alphanumeric password (e.g., 12 characters) for thesecond online account. The electronic message generation service 184 ofthe cloud server 130 can generate an electronic message including thepassword. In several embodiments, the electronic message generationservice 184 of the cloud server 130 can encrypt the electronic message,the password, or both using any suitable encryption technique, such asan AES-256 encryption technique, an ECDH asymmetric-key encryptiontechnique, an ECDH asymmetric-key encryption technique, or a SHA-3hashing technique, to generate an encrypted electronic message, anencrypted password, or both. The cloud server 130 can transmit theelectronic message to the application 112 installed on the client device110 and associated with the user 102, the first online account, and thefirst entity. The control service 180 of the cloud server 130 can storethe second online account and password in the second online accountdatabase 150.

In several embodiments, the unauthorized access detection service 192 ofthe cloud server 130 can detect, or receive an electronic notificationindicative of, an unauthorized access (e.g., including, but not limitedto, a data breach) associated with the first online account. In responseto detecting, or receiving the electronic notification indicative of,the unauthorized access associated with the first online account, thecontrol service 180 of the cloud server 130 can lock the first onlineaccount properties 142 of the first online account. The control service180 of the cloud server 130 then can update, based on the locked firstonline account properties 142, the second online account properties 152of the second online account to lock the second online accountproperties 152.

In some aspects, system 100 described above significantly improves thestate of the art from previous systems because it provides enhancedtechniques for performing entity integration. As a result, a customer(e.g., user 102) no longer needs to create an account at a merchant siteto shop or remember the customer's purchasing history. The customer'semail address at the financial institution can also serve as thecustomer's login information (e.g., username) at the merchant site. Ifthe customer already has an account with the merchant, the customer'smerchant and financial institution accounts can be linked to providebetter access to notifications, updated credit card information whenfraud happens, etc., with very little effort required from the customerand the customer's user device (e.g., client device 110).

Methods of Operation

FIGS. 2A, 2B, and 2C illustrate an example method 200 of operating thesystem 100 to provide for entity integration according to someembodiments. For example, method 200 indicates how the cloud server 130operates.

As shown in FIG. 2A, in several embodiments, in operation 202 the cloudserver 130 can receive, from a user device (e.g., client device 110) inresponse to input from a user (e.g., user 102) of the user device, anelectronic request to associate a first online account of the user witha second online account of the user. The first online account can beassociated with a first entity (e.g., a financial institution) thatmaintains the first online account in a first online account database140. The second online account can be associated with a second entitydifferent from the first entity that maintains, or will maintain, thesecond online account in a second online account database 150.

In several embodiments, in operation 204 the cloud server 130 canauthenticate (e.g., using the authentication service 172) the userdevice to verify that an identity of the user is authentic. In severalembodiments, the cloud server 130 can authenticate the user deviceutilizing one or more authentication methods (e.g., gov-id, step-up,sms-opt, etc.) to verify that the user's identity is authentic (e.g.,true). For example, in response to receiving the electronic request toassociate the first online account of the user with the second onlineaccount of the user, the cloud server 130 can verify that the identityof the user is authentic by determining that the user is logged into, orcan log into (e.g., by providing account credentials such as usernameand password) one or both accounts on the user device. In anotherexample, in response to receiving the electronic request to associatethe first online account of the user with the second online account ofthe user, the cloud server 130 can generate and an electronic requestfor the user to provide an authentic government-issued identificationcard (e.g., driving license, passport, military ID, social securitycard, etc.). The user can use the user device to capture one or moreimages of the user's government-issued identification card and transmitthose images to the cloud server 130 for verification, authentication,or both. The cloud server 130 can receive the one or more images of theuser's government-issued identification card and verify that theidentity of the user is authentic by determining that an image of thatdocument is authentic. The cloud server 130 can determine that theidentity of the user is not authentic by determining that an image ofthat document is or fake, invalid, or otherwise irrelevant.

In several embodiments, in operation 206 the cloud server 130 candetermine (e.g., using the analysis service 174) whether the secondonline account exists. For example, the cloud server 130 can determinethat the second online account exists by accessing the second onlineaccount database 150 and determining that the second account is included(e.g., stored) in the second online account database 150. In anotherexample, the cloud server 130 can determine that the second onlineaccount does not exist by accessing the second online account database150 and determining that the second account is not included in thesecond online account database 150.

In several embodiments, in response to determining that the secondonline account exists, the method 200 can proceed via connector “A” tooperation 208 shown in FIG. 2B. In several embodiments, in response todetermining that the second online account does not exist, the method200 can proceed via connector “B” to operation 214 shown in FIG. 2C.

As shown in FIG. 2B, in several embodiments, in response to determiningthat the second online account exists, in operation 208 the cloud server130 can identify (e.g., using the comparison service 176) a matchbetween a first user property (e.g., a first e-mail address of the userincluded in the first online account properties 142) of the first onlineaccount and a second user property (e.g., a second e-mail address of theuser included in the second online account properties 152) of the secondonline account.

In several embodiments, based on the identified match, in operation 210the cloud server 130 can link (e.g., using the linking service 178) thefirst online account (e.g., included in the first online accountdatabase 140) with the second online account (e.g., included in thesecond online account database 150). For example, the cloud server 130can link the first online account with the second online account inresponse to the user logging into the first online account through agraphical user interface (e.g., provided by the application 112executing on the client device 110) associated with the second onlineaccount.

In several embodiments, in operation 212 the cloud server 130 can update(e.g., using the control service 180), based on a first online accountproperty of the first online account, a second online account propertyof the second online account. In several embodiments, the first onlineaccount property can include first credit card information included inthe first online account properties 142, and the second online accountproperty can include second credit card information included in thesecond online account properties 152.

In several embodiments, the first online account can include a pluralityof payment methods having a plurality of rewards points options. Afterlinking the first online account with the second online account, in oneor more operations the cloud server 130 can: receive, from the secondentity (e.g., using the client device 160), an electronic transactionrequest associated with the second online account; select (e.g., usingthe payment method selection service 182) one of the plurality ofpayment methods having a maximum rewards points for the electronictransaction request; generate (e.g., using the electronic messagegeneration service 184) a first electronic message recommending theselected one of the plurality of payment methods for completing theelectronic transaction request; transmit the first electronic message toa secure application (e.g., the application 112) installed on the userdevice and associated with the user, the first online account, and thefirst entity; receive, from the secure application, a second electronicmessage indicative of an instruction from the user to complete theelectronic transaction request using the selected one of the pluralityof payment methods; and, in response to receiving the second electronicmessage, complete (e.g., using the payment processing service 186) theelectronic transaction request using the selected one of the pluralityof payment methods.

As shown in FIG. 2C, in several embodiments, in response to determiningthat the second online account does not exist, in operation 214 thecloud server 130 can generate (e.g., using the online account generationservice 188) the second online account based on the first onlineaccount. The cloud server 130 can store (e.g., using the control service180) the second online account in the second online account database150. The cloud server 130 can further store (e.g., using the controlservice 180) online account properties associated with the secondaccount as a part of the second online account properties 152.

In several embodiments, in operation 216 the cloud server 130 cangenerate (e.g., using the password generation service 190) a passwordfor the second online account. For example, the cloud server 130 canutilize the password generation service 190 to generate a random (orpseudo-random) alphanumeric password for the second online account. Thecloud server 130 can store (e.g., using the control service 180) thepassword in association with the second account as a part of the secondonline account properties 152.

In several embodiments, in operation 218 the cloud server 130 cangenerate (e.g., using the electronic message generation service 184) anelectronic message including the password. For example, the cloud server130 can generate an electronic mail (e-mail) message that includes thepassword. In another example, the cloud server 130 can encrypt thepassword using any suitable encryption technique, such as an AES-256encryption technique or a SHA-3 hashing technique, to generate anencrypted password. Subsequently, the cloud server 130 can include theencrypted password as a payload in a JSON (JavaScript Object Notation)message.

In several embodiments, in operation 220 the cloud server 130 cantransmit the electronic message to a secure application (e.g., theapplication 112) installed on the user device and associated with theuser, the first online account, and the first entity. For example, thecloud server 130 can transmit the electronic message to the secureapplication installed on the user device over a secure communicationschannel provided by the network 120.

In some embodiments, operation of method 200 can be performed, forexample, by system 100 in accordance with embodiments described above.

In several embodiments, after generating the second online account andpassword, in one or more operations the cloud server 130 can: detect(e.g., using the unauthorized access detection service 192) anunauthorized access to the first online account; in response todetecting the unauthorized access to the first online account, lock(e.g., using the control service 180) the first online account propertyof the first online account; and update (e.g., using the control service180), based on the locked first online account property of the firstonline account, the second online account property of the second onlineaccount to lock the second online account property of the second onlineaccount.

Although FIG. 2C shows an example technique for linking two accounts,such as when a merchant has an account and a financial institution hasan existing account, the cloud server 130 does not require the merchantto have a pre-existing account. In one illustrative and non-limitingexample, a user can verify their financial institution account byentering their email address and receiving a one-time pin (OTP). Thefinancial institution then can send user information (e.g., name,address, phone, credit card number, etc.) to the cloud server 130, whichcan be used to create an account with the merchant and put a card onfile.

Components of the System

FIG. 3 is an example architecture 300 of components implementing thesystem 100 according to some embodiments. The components may beimplemented by any of the devices described with reference to the system100, such as the client device 110, the client device 160, the cloudserver 130, the first online account database 140, the second onlineaccount database 150, or a combination thereof. The components may befurther implemented by any of the devices described with reference tothe method 200.

In several embodiments, the components may include a control unit 302, astorage unit 306, a communication unit 316, and a user interface 312.The control unit 302 may include a control interface 304. The controlunit 302 may execute a software 310 (e.g., the application 112, theauthentication module 114, the application 162, the authenticationmodule 164, the authentication service 172, or a combination thereof) toprovide some or all of the machine intelligence described with referenceto system 100. In another example, the control unit 302 may execute asoftware 310 to provide some or all of the machine intelligencedescribed with reference to method 200.

The control unit 302 may be implemented in a number of different ways.For example, the control unit 302 may be a processor, an applicationspecific integrated circuit (ASIC), an embedded processor, amicroprocessor, a hardware control logic, a hardware finite statemachine (FSM), a digital signal processor (DSP), a field programmablegate array (FPGA), or a combination thereof.

The control interface 304 may be used for communication between thecontrol unit 302 and other functional units or devices of system 100(e.g., the client device 110, the client device 160, the cloud server130, the first online account database 140, the second online accountdatabase 150, or a combination thereof) or those described withreference to method 200. The control interface 304 may also be used forcommunication that is external to the functional units or devices ofsystem 100 or those described with reference to method 200. The controlinterface 304 may receive information from the functional units ordevices of system 100 or method 200, or from remote devices 320, or maytransmit information to the functional units or devices of system 100 ormethod 200, or to remote devices 320. The remote devices 320 refer tounits or devices external to system 100 or method 200.

The control interface 304 may be implemented in different ways and mayinclude different implementations depending on which functional units ordevices of system 100, method 200, or remote devices 320 are beinginterfaced with the control unit 302. For example, the control interface304 may be implemented with a pressure sensor, an inertial sensor, amicroelectromechanical system (MEMS), optical circuitry, waveguides,wireless circuitry, wireline circuitry to attach to a bus, anapplication programming interface, or a combination thereof. The controlinterface 304 may be connected to a communication infrastructure 322,such as a bus, to interface with the functional units or devices ofsystem 100, method 200, or remote devices 320.

The storage unit 306 may store the software 310. For illustrativepurposes, the storage unit 306 is shown as a single element, although itis understood that the storage unit 306 may be a distribution of storageelements. Also for illustrative purposes, the storage unit 306 is shownas a single hierarchy storage system, although it is understood that thestorage unit 306 may be in a different configuration. For example, thestorage unit 306 may be formed with different storage technologiesforming a memory hierarchical system including different levels ofcaching, main memory, rotating media, or off-line storage. The storageunit 306 may be a volatile memory, a nonvolatile memory, an internalmemory, an external memory, or a combination thereof. For example, thestorage unit 306 may be a nonvolatile storage such as nonvolatile randomaccess memory (NVRAM), Flash memory, disk storage, or a volatile storagesuch as static random access memory (SRAM) or dynamic random accessmemory (DRAM).

The storage unit 306 may include a storage interface 308. The storageinterface 308 may be used for communication between the storage unit 306and other functional units or devices of system 100 or method 200. Thestorage interface 308 may also be used for communication that isexternal to system 100 or method 200. The storage interface 308 mayreceive information from the other functional units or devices of system100, method 200, or from remote devices 320, or may transmit informationto the other functional units or devices of system 100 or to remotedevices 320. The storage interface 308 may include differentimplementations depending on which functional units or devices of system100, method 200, or remote devices 320 are being interfaced with thestorage unit 306. The storage interface 308 may be implemented withtechnologies and techniques similar to the implementation of the controlinterface 304.

The communication unit 316 may enable communication to devices,components, modules, or units of system 100, method 200, or remotedevices 320. For example, the communication unit 316 may permit thesystem 100 to communicate between the client device 110, the clientdevice 160, the cloud server 130, the first online account database 140,the second online account database 150, or a combination thereof. Inanother example, the communication unit 316 may permit the functionalunits or devices described with reference to method 200 to communicatewith each other. The communication unit 316 may further permit thedevices of system 100 or method 200 to communicate with remote devices320 such as an attachment, a peripheral device, or a combination thereofthrough the network 120.

As previously indicated, the network 120 may span and represent avariety of networks and network topologies. For example, the network 120may include wireless communication, wired communication, opticalcommunication, ultrasonic communication, or a combination thereof. Forexample, satellite communication, cellular communication, Bluetooth,IrDA, Wi-Fi, and WiMAX are examples of wireless communication that maybe included in the network 120. Cable, Ethernet, DSL, fiber optic lines,FTTH, and POTS are examples of wired communication that may be includedin the network 120. Further, the network 120 may traverse a number ofnetwork topologies and distances. For example, the network 120 mayinclude direct connection, PAN, LAN, MAN, WAN, or a combination thereof.

The communication unit 316 may also function as a communication huballowing system 100 to function as part of the network 120 and not belimited to be an end point or terminal unit to the network 120. Thecommunication unit 316 may include active and passive components, suchas microelectronics or an antenna, for interaction with the network 120.

The communication unit 316 may include a communication interface 318.The communication interface 318 may be used for communication betweenthe communication unit 316 and other functional units or devices ofsystem 100 or to remote devices 320. The communication interface 318 mayreceive information from the other functional units or devices of system100, or from remote devices 320, or may transmit information to theother functional units or devices of the system 100 or to remote devices320. The communication interface 318 may include differentimplementations depending on which functional units or devices are beinginterfaced with the communication unit 316. The communication interface318 may be implemented with technologies and techniques similar to theimplementation of the control interface 304.

The user interface 312 may present information generated by system 100.In several embodiments, a user can utilize the user interface 312 tointerface with the devices of system 100 or remote devices 320. The userinterface 312 may include an input device and an output device. Examplesof the input device of the user interface 312 may include a keypad,buttons, switches, touchpads, soft-keys, a keyboard, a mouse, or anycombination thereof to provide data and communication inputs. Examplesof the output device may include a display interface 314. The controlunit 302 may operate the user interface 312 to present informationgenerated by system 100. The control unit 302 may also execute thesoftware 310 to present information generated by system 100, or tocontrol other functional units of system 100. The display interface 314may be any graphical user interface such as a display, a projector, avideo screen, or any combination thereof.

The above detailed description and embodiments of the disclosed system100 are not intended to be exhaustive or to limit the disclosed system100 to the precise form disclosed above. While specific examples forsystem 100 are described above for illustrative purposes, variousequivalent modifications are possible within the scope of the disclosedsystem 100, as those skilled in the relevant art will recognize. Forexample, while processes and methods are presented in a given order,alternative implementations may perform routines having steps, or employsystems having processes or methods, in a different order, and someprocesses or methods may be deleted, moved, added, subdivided, combined,or modified to provide alternative or sub-combinations. Each of theseprocesses or methods may be implemented in a variety of different ways.Also, while processes or methods are at times shown as being performedin series, these processes or blocks may instead be performed orimplemented in parallel, or may be performed at different times.

The system 100 and the method 200 are cost-effective, highly versatile,and accurate, and may be implemented by adapting components for ready,efficient, and economical manufacturing, application, and utilization.Another important aspect of embodiments of the present disclosure isthat they valuably support and service the trend of reducing costs,simplifying systems, and/or increasing system performance.

These and other valuable aspects of the embodiments of the presentdisclosure consequently further the state of the technology to at leastthe next level. While the disclosed embodiments have been described asthe best mode of implementing system 100, it is to be understood thatmany alternatives, modifications, and variations will be apparent tothose skilled in the art in light of the descriptions herein.Accordingly, it is intended to embrace all such alternatives,modifications, and variations that fall within the scope of the includedclaims. All matters set forth herein or shown in the accompanyingdrawings are to be interpreted in an illustrative and non-limitingsense. Accordingly, the disclosure is not to be restricted except inlight of the attached claims and their equivalents.

What is claimed is:
 1. A computer-implemented method for entityintegration, the computer-implemented method comprising: receiving, by acloud server and from a user device in response to input from a user ofthe user device, an electronic request to associate a first onlineaccount of the user with a second online account of the user, whereinthe first online account is associated with a first entity, and whereinthe second online account is associated with a second entity differentfrom the first entity; authenticating, by an authentication service ofthe cloud server, the user device to verify that an identity of the useris authentic; determining, by an analysis service of the cloud server,whether the second online account exists; in response to determiningthat the second online account exists, identifying, by a comparisonservice of the cloud server, a match between a first user property ofthe first online account and a second user property of the second onlineaccount; and based on the identified match, linking, by a linkingservice of the cloud server, the first online account with the secondonline account, and updating, by a control service of the cloud serverand based on a first online account property of the first onlineaccount, a second online account property of the second online account.2. The computer-implemented method of claim 1, wherein: the first entityis a financial institution; and the second entity is a merchant.
 3. Thecomputer-implemented method of claim 1, wherein: the first user propertyis a first e-mail address; and the second user property is a seconde-mail address.
 4. The computer-implemented method of claim 1, wherein:the first online account property comprises first credit cardinformation; and the second online account property comprises secondcredit card information.
 5. The computer-implemented method of claim 1,wherein the linking the first online account with the second onlineaccount comprises: linking, by the linking service of the cloud server,the first online account with the second online account in response tothe user logging into the first online account through a graphical userinterface associated with the second online account.
 6. Thecomputer-implemented method of claim 1, wherein: the first onlineaccount comprises a plurality of payment methods having a plurality ofrewards points options; and after linking the first online account withthe second online account, the computer-implemented method furthercomprises: receiving, by the cloud server and from the second entity, anelectronic transaction request associated with the second onlineaccount; selecting, by a payment method selection service of the cloudserver, one of the plurality of payment methods having a maximum rewardspoints for the electronic transaction request; generating, by anelectronic message generation service of the cloud server, a firstelectronic message recommending the selected one of the plurality ofpayment methods for completing the electronic transaction request;transmitting, by the cloud server, the first electronic message to asecure application installed on the user device and associated with theuser, the first online account, and the first entity; receiving, by thecloud server and from the secure application, a second electronicmessage indicative of an instruction from the user to complete theelectronic transaction request using the selected one of the pluralityof payment methods; and in response to receiving the second electronicmessage, completing, by a payment processing service of the cloudserver, the electronic transaction request using the selected one of theplurality of payment methods.
 7. The computer-implemented method ofclaim 1, further comprising: in response to determining that the secondonline account does not exist, generating, by an online accountgeneration service of the cloud server, the second online account basedon the first online account.
 8. The computer-implemented method of claim7, further comprising: generating, by a password generation service ofthe cloud server, a password for the second online account; generating,by an electronic message generation service of the cloud server, anelectronic message comprising the password; and transmitting, by thecloud server, the electronic message to a secure application installedon the user device and associated with the user, the first onlineaccount, and the first entity.
 9. The computer-implemented method ofclaim 1, further comprising: in response to detecting an unauthorizedaccess to the first online account, locking, by the control service ofthe cloud server, the first online account property of the first onlineaccount; and updating, by the control service of the cloud server andbased on the locked first online account property of the first onlineaccount, the second online account property of the second online accountto lock the second online account property of the second online account.10. A non-transitory computer readable medium including instructions forcausing a processor to perform operations for entity integration, theoperations comprising: receiving, from a user device in response toinput from a user of the user device, an electronic request to associatea first online account of the user with a second online account of theuser, wherein the first online account is associated with a firstentity, and wherein the second online account is associated with asecond entity different from the first entity; authenticating the userdevice to verify that an identity of the user is authentic; determiningwhether the second online account exists; in response to determiningthat the second online account exists, identifying a match between afirst user property of the first online account and a second userproperty of the second online account; and based on the identifiedmatch, linking the first online account with the second online account,and updating, based on a first online account property of the firstonline account, a second online account property of the second onlineaccount.
 11. The non-transitory computer readable medium of claim 10,wherein to perform the linking the first online account with the secondonline account, the operations comprise: linking the first onlineaccount with the second online account in response to the user logginginto the first online account through a graphical user interfaceassociated with the second online account.
 12. The non-transitorycomputer readable medium of claim 10, wherein: the first online accountcomprises a plurality of payment methods having a plurality of rewardspoints options; and after linking the first online account with thesecond online account, the operations further comprise: receiving, fromthe second entity, an electronic transaction request associated with thesecond online account; selecting one of the plurality of payment methodshaving a maximum rewards points for the electronic transaction request;generating a first electronic message recommending the selected one ofthe plurality of payment methods for completing the electronictransaction request; transmitting the first electronic message to asecure application installed on the user device and associated with theuser, the first online account, and the first entity; receiving, fromthe secure application, a second electronic message indicative of aninstruction from the user to complete the electronic transaction requestusing the selected one of the plurality of payment methods; and inresponse to receiving the second electronic message, completing theelectronic transaction request using the selected one of the pluralityof payment methods.
 13. The non-transitory computer readable medium ofclaim 10, wherein the operations further comprise: in response todetermining that the second online account does not exist, generatingthe second online account based on the first online account.
 14. Thenon-transitory computer readable medium of claim 13, wherein theoperations further comprise: generating a password for the second onlineaccount; generating an electronic message comprising the password; andtransmitting the electronic message to a secure application installed onthe user device and associated with the user, the first online account,and the first entity.
 15. The non-transitory computer readable medium ofclaim 10, wherein the operations further comprise: in response todetecting an unauthorized access to the first online account, lockingthe first online account property of the first online account; andupdating, based on the locked first online account property of the firstonline account, the second online account property of the second onlineaccount to lock the second online account property of the second onlineaccount.
 16. A computing system for entity integration, comprising: astorage unit configured to store instructions; a control unit coupled tothe storage unit and configured to process the stored instructions to:receive, from a user device in response to input from a user of the userdevice, an electronic request to associate a first online account of theuser with a second online account of the user, wherein the first onlineaccount is associated with a first entity, and wherein the second onlineaccount is associated with a second entity different from the firstentity; authenticate the user device to verify that an identity of theuser is authentic; determine whether the second online account exists;in response to a determination that the second online account exists,identify a match between a first user property of the first onlineaccount and a second user property of the second online account; andbased on the identified match, link the first online account with thesecond online account, and update, based on a first online accountproperty of the first online account, a second online account propertyof the second online account.
 17. The computing system of claim 16,wherein to link the first online account with the second online account,the control unit is configured to process the stored instructions to:link the first online account with the second online account in responseto the user logging into the first online account through a graphicaluser interface associated with the second online account.
 18. Thecomputing system of claim 16, wherein: the first online accountcomprises a plurality of payment methods having a plurality of rewardspoints options; and after the first online account has been linked withthe second online account, the control unit is further configured toprocess the stored instructions to: receive, from the second entity, anelectronic transaction request associated with the second onlineaccount; select one of the plurality of payment methods having a maximumrewards points for the electronic transaction request; generate a firstelectronic message recommending the selected one of the plurality ofpayment methods for completing the electronic transaction request;transmit the first electronic message to a secure application installedon the user device and associated with the user, the first onlineaccount, and the first entity; receive, from the secure application, asecond electronic message indicative of an instruction from the user tocomplete the electronic transaction request using the selected one ofthe plurality of payment methods; and in response to a receipt of thesecond electronic message, complete the electronic transaction requestusing the selected one of the plurality of payment methods.
 19. Thecomputing system of claim 16, wherein the control unit is furtherconfigured to process the stored instructions to: in response to a thirddetermination that the second online account does not exist, generatethe second online account based on the first online account, generate apassword for the second online account, generate an electronic messagecomprising the password, and transmit the electronic message to a secureapplication installed on the user device and associated with the user,the first online account, and the first entity.
 20. The computing systemof claim 16, wherein the control unit is further configured to processthe stored instructions to: in response to a detection of anunauthorized access to the first online account, lock the first onlineaccount property of the first online account; and update, based on thelocked first online account property of the first online account, thesecond online account property of the second online account to lock thesecond online account property of the second online account.